Install Exchange 2010 as a custom installation installing only the mailbox role on the first server, the mailbox and client access role on the second server and the hub transport role on the third server.

You will need to change the default self signed certificate on the client access server and create an Exchange 2010 client access SSL certificate for client access.

In order to create a new certificate, you will need to generate a certificate request using the New-ExchangeCertificate cmdlet. Once you have a certificate request generated, you can obtain a certificate from your internal Certificate Authority (CA).

As you can see in the example, the output from the command is saved in a variable called $cert. Next, export the data to a text file using the Out-File cmdlet:

$cert | Out-File c:\cert.txt

After the request has been saved in the text file, submit the new request to your CA to obtain the certificate.

After you obtain a certificate from the CA, you will need to install it on the client access server. From the Exchange Management Console click Server Configuration and select the Client Access server to the right.

Down below, complete the pending request.

Navigate to the downloaded certificate.

Now that the certificate is installed, you need to enable it and assign Exchange services that it will be used for e.g. IIS.

For the first step in creating the actual DAG, create a new database, under Organization Configuration > Mailbox > Database Management tab, add a new mailbox database called DAG-DB-01.

Now you need to configure the DAG network. Open the Exchange Management Console, click on Organization Configuration > Mailbox > click the Database Availability Groups tab. You will find the networks listed below.

Right click each of the networks listed in bold, ensure that the Enable Replication tick box is not enabled on any networks except for the actual replication network (192.168.192.0/24)

Then at the top of the same page, you can create a new Database Availability Group, give it a name of DatabaseGroup, if you leave the Witness Server and Witness Directory blank, it will use the Hub Transport server by default, click next.

Right click on your new DAG to add members to it, click Manage Database Availability Group membership, then add in TS-EX-SYD-01 and TS-EX-SYD-02 (two mailbox servers). The database is DAG-DB-01.

You will need to setup an IP address on the MAPI network for the DAG itself, this should be in the same subnet as the MAPI (Data) network. If the DAG is on two separate subnets, across sites, then an IP address is needed for each subnet. You can list current DAG IP addresses by running Get-DatabaseAvailabilityGroup | FL

You can add DAG IP addresses using the console in the properties of the DAG.

Within the failover cluster, it will look like this, for which ever is the current cluster host server is which DAG IP address will be online.

That’s it, your DAG is setup. On the Database Management tab you will see the two members of the DAG.

If you are using Riverbed on your link, then you will need to disable Encryption and Compression on the DAG Replication